Security Researchers Warn of Risks Posed by Web-Based Android Market

A new Web-based app store that allows Android users to remotely download apps to their phone increases the potential fallout of a compromised Google account, security experts say.

Some security vendors are
raising the question whether the browser-based version of the Google
Android market could open up opportunities for attackers.

Google
recently launched a new version of the market that allows a device owner
to search for, buy and install applications on their mobile
device remotely over the Web from a desktop computer. To do this, all the
user needs to do is log in to their Google account.

While the capability was
meant as a nod to user convenience, some warn that the functionality increases
the potential fallout if someone's Google account is compromised.

"This is just one more
reason to create strong passwords, and be ever-vigilant about access to your
accounts and devices," blogged
Denis Maslennikov, senior malware analyst at Kaspersky Lab.

"If your smartphone is
connected to the Internet, you will immediately notice that on the device's
screen an install is already taking place," he wrote. "Why is this a problem?
When installing apps via the market on your phone, you must agree to all the
permissions being requested before the app will actually install on your phone."